One of the biggest pieces of news to come out of the data security world recently was California Attorney General Kamala D. Harris’s report on data theft in California in 2012. In the report, the Attorney General details more than 2.5 million instances of Californians having their personal data, such as credit card numbers or Social Security numbers, compromised by data theft.
The biggest thing to take away from this report? Of the 2.5 million instances of data theft, approximately 1.4 million occurred because no encryption or data security measures were in use. Additionally, 45 percent of the 131 breaches were due to intentional attacks by outside parties, and another 27 percent were due to “physical failures” – that is, computers, disks, or documents being lost or stolen.
In other words, the biggest risks to the security of your customer data are failing to secure it properly and keeping it in your system in the first place. With proper encryption methods and security measures, the number of people affected by these attacks would drop sharply, and the companies responsible for securing the data wouldn’t be in hot water with the government or payment card companies.
The problem with this report, though, is that it recommends encryption as the be-all and end-all of data security. If you have encrypted data in your system, that data can still be stolen and cracked. It might take time and effort on the part of the data thief, but eventually the encryption can be broken, and the data can be used in whatever nefarious way the thief wants.
The Attorney General’s report doesn’t mention tokenization, but we feel it would solve several of the problems mentioned here in one fell swoop. With tokenization, data thieves can’t steal your customer data because there isn’t anything to steal. All you store in your system is the tokens, and since tokens are not encrypted data, they can’t be cracked and used against your customers.
The same goes for the loss of computers and documents. Since tokenization prevents sensitive data from ever entering your environment, your computers and disks don’t hold any information that would need to be secured.
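The flow described in the last two paragraphs, as an added sketch that is not code from the report or from any tokenization product: the card number goes straight to a provider-side vault, and the merchant stores only a random token. `TokenVault`, `hosted_card_field`, `store_order`, the caller names and the sample card number are all hypothetical, constructed for illustration.

```python
import secrets

TEST_PAN = "4111111111111111"  # constructed sample value (a well-known test card number)


class TokenVault:
    """Hypothetical stand-in for the tokenization provider; runs outside the merchant's systems."""

    def __init__(self, authorized_callers):
        self._pan_by_token = {}   # the only place the real card number is kept
        self._token_by_pan = {}   # a repeat customer maps to the same token
        self._authorized = set(authorized_callers)

    def tokenize(self, pan):
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("not a card number")
        if pan not in self._token_by_pan:
            # Random token: it is not computed from the PAN, so no key or
            # algorithm turns it back into the PAN without asking the vault.
            token = "tok_" + secrets.token_hex(16)
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return self._token_by_pan[pan]

    def detokenize(self, token, caller):
        if caller not in self._authorized:
            raise PermissionError(f"{caller} may not detokenize")
        return self._pan_by_token[token]


def hosted_card_field(vault, pan):
    """Provider-hosted capture step: the PAN goes to the vault, only a token comes back."""
    return vault.tokenize(pan)


def store_order(merchant_db, customer, token):
    """Merchant-side code: it only ever receives and stores the token."""
    merchant_db[customer] = {"card_token": token}


def demo():
    vault = TokenVault(authorized_callers={"payment-processor"})
    merchant_db = {}
    token = hosted_card_field(vault, TEST_PAN)
    store_order(merchant_db, "alice", token)
    dump = repr(merchant_db)  # what someone copying the merchant database would hold
    return token, dump, vault


if __name__ == "__main__":
    token, dump, _ = demo()
    print("merchant database contents:", dump)
    print("card number present in dump:", TEST_PAN in dump)
```

In this sketch the vault is the one component that still holds card numbers, so the access check in `detokenize` is where the remaining protection effort is concentrated.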
In other words, tokenization removes a huge portion of the risk that comes with handling and securing sensitive data. This is a system that can protect you from the vast majority of situations in which data breaches occur.
There’s no reason to think that California is unique in experiencing data breaches. Your business needs to protect itself from the risk of handling and securing sensitive data, and tokenization could be the best way for you to reach that goal. Your customers and your finances will thank you.